The `acme.NewClient` function's `caDirURL` argument is expected to be
the full path to the ACME server's directory endpoint. In the README
example of using Lego programmatically against a Boulder instance only
the hostname & port are provided but not the directory path:
`"http://192.168.99.100:4000"`
This produces an error like:
```
2018/01/15 14:34:06 get directory at 'http://192.168.99.100:4000': invalid
character '<' looking for beginning of value
```
This happens when the example is used verbatim with a Boulder container, since the `/directory` path is missing and the "What is an ACME server" HTML index page is returned instead.
This commit updates the example to use:
`"http://192.168.99.100:4000/directory"`
which allows the example code to work with Boulder as intended.
* Fix zone detection for cross-zone cnames
CNAMEs cannot co-exist with SOA records so responses with
a CNAME should be skipped.
The `cross-zone-example.assets.sh.` is currently hosted by
me (@fd) and will continue to exist for as long as the assets.sh
domain exists. (The assets.sh domain is used as a CDN and is unlikely
to go away.)
See #330
* Extracted CNAME checking to simplify the FindZoneByFqdn control flow.
They will no longer get an error message saying
"Could not find the start of authority".
Finding the zone cut of a FQDN now relies only on the presence
of a SOA record. Indeed, in the context of an eTLD the
authority will be the eTLD itself, so you need to continue
to recurse until you get an answer instead of cutting the search
when you find the public suffix of a domain.
Fixes #434
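The two zone-detection changes above (skipping CNAME responses, and recursing on SOA presence alone rather than stopping at the public suffix) are illustrated by the following Go example. It is an added example, not lego's `FindZoneByFqdn`; the `Lookup` function type, the `Answer` struct and the `fakeDNS` data are constructed stand-ins for real SOA queries so the walk can run offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RRType names the record types the zone search cares about.
type RRType string

const (
	TypeSOA   RRType = "SOA"
	TypeCNAME RRType = "CNAME"
)

// Answer is a simplified view of the records returned for a SOA query on a name.
type Answer struct {
	Types []RRType
}

// Lookup is the resolver the search depends on. In lego this would be a real
// SOA query; here it is injected so the search can run against constructed data.
type Lookup func(name string) (Answer, error)

// ErrNoSOA is returned when the walk reaches the root without finding authority.
var ErrNoSOA = errors.New("could not find the start of authority")

func hasType(a Answer, t RRType) bool {
	for _, rt := range a.Types {
		if rt == t {
			return true
		}
	}
	return false
}

// FindZoneByFqdn walks from the FQDN toward the root, one label at a time, and
// returns the first name that answers with a SOA record. A name that answers
// with a CNAME cannot also hold a SOA, so such responses are skipped rather
// than treated as a dead end. The walk does not stop at a public suffix: if an
// eTLD is the authority for the name, the eTLD itself is returned.
func FindZoneByFqdn(fqdn string, lookup Lookup) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".") + "."
		ans, err := lookup(candidate)
		if err != nil {
			return "", err
		}
		if hasType(ans, TypeCNAME) {
			continue // cross-zone CNAME: keep climbing
		}
		if hasType(ans, TypeSOA) {
			return candidate, nil
		}
	}
	return "", ErrNoSOA
}

// fakeDNS is constructed sample data standing in for the real DNS tree.
var fakeDNS = map[string]Answer{
	"www.example.test.": {Types: []RRType{TypeCNAME}}, // alias into another zone
	"example.test.":     {Types: []RRType{TypeSOA}},
	"co.test.":          {Types: []RRType{TypeSOA}}, // an "eTLD" that is itself the authority
}

// FakeLookup answers from fakeDNS; unknown names return an empty answer,
// which mirrors a query that yields no usable records.
func FakeLookup(name string) (Answer, error) {
	return fakeDNS[name], nil
}

func main() {
	for _, fqdn := range []string{
		"_acme-challenge.www.example.test.",
		"host.example.co.test.",
		"nothing.nowhere.",
	} {
		zone, err := FindZoneByFqdn(fqdn, FakeLookup)
		fmt.Printf("%-36s -> zone=%q err=%v\n", fqdn, zone, err)
	}
}
```

The first name climbs past the CNAME at `www.example.test.` and lands on `example.test.`; the second finds no SOA until the constructed "eTLD" `co.test.`, which is returned rather than rejected; the third runs off the root and yields the error.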
* Dockerfile broken with old alpine version with old go
3.4 no longer works, with the error:
```
package context: unrecognized import path "context" (import path does not begin with hostname)
```
3.5 with no changes did not work, with the error:
```
# runtime/cgo
/tmp/go-build671992352/runtime/cgo/_obj/_cgo_export.c:2:20: fatal error: stdlib.h: No such file or directory
#include <stdlib.h>
^
compilation terminated.
```
3.6 with no changes did not work, with the error:
```
# github.com/xenolf/lego
/usr/lib/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
/usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find Scrt1.o: No such file or directory
/usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find crti.o: No such file or directory
/usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lpthread
/usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lssp_nonshared
collect2: error: ld returned 1 exit status
```
* Fix git tag to freeze successfully built image.
Fix git tag to freeze successfully built image (prevents issues with newer versions in the future, plus uses stable release)
* Update Dockerfile according to PR comments
* Forgot /go in rm
* Bump lego version
* Add otc provider.
* Added tests for provider otc.
* Format dns_providers
* fix getZoneId
* Add tests for provider otc.
* Add proxy to transport in otc provider.
* Use DefaultTransport in otc provider.
* Make loginRequest private in provider otc.
* better error handling in provider otc.
* add more tests for provider otc.
* dns/route53: Allow specifying hosted zone ID
This commit adds support for specifying hosted zone ID via the
environment variable AWS_HOSTED_ZONE_ID. If this is not specified, the
previous discovery process is used.
This is useful in environments where multiple hosted zones for the same
domain name are present in an account.
* dns/route53: Fix up getHostedZoneID method params
Now that getHostedZoneID is a method on the DNSProvider struct, there is
no reason for it to take the Route53 client as a parameter - we can
simply use the reference stored in the struct.
The help documentation still points to the old environment variable
(DNSIMPLE_API_KEY) so attempts that use that fail with: `DNSimple OAuth token is missing`.
This updates it with the correct key `DNSIMPLE_OAUTH_TOKEN`.
* Move nonce retry from jws to http
The error raised by an "invalid nonce" response never appeared
inside jws.go, but instead it was handled at http.go, so it makes
sense to move the retry logic to that file. The previous code from
jws.go had no effect and did not solve issues related to invalid
nonces.
* Rename retry response variable name for clarity
If `links["next"] == ""` the early return sends neither success nor failure to the outer code,
which leads to the whole `getChallenges` method being stuck forever, because it waits for either `resc` or `errc` to receive a message.
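The hang described above comes from a goroutine that exits without reporting on either channel while its caller blocks on both. The Go example below is added here and is not lego's `getChallenges`; `FetchBuggy` reproduces the silent early return, `FetchFixed` always sends on `errc` when the `"next"` link is absent, and `Collect` waits like the original caller but with a deadline (an addition for demonstration) so the stuck case surfaces as `ErrStuck` instead of blocking forever. The `links` maps and the URL are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Worker mirrors the goroutine spawned per authorization: it must report on
// exactly one of resc or errc, or the caller waits forever.
type Worker func(links map[string]string, resc chan<- string, errc chan<- error)

// ErrStuck is what Collect reports when neither channel ever delivers.
var ErrStuck = errors.New("worker never reported back")

// ErrNoNextLink is the fixed worker's signal for a missing "next" link.
var ErrNoNextLink = errors.New(`no "next" link in response headers`)

// FetchBuggy reproduces the pre-fix control flow: the early return sends
// nothing on either channel, so the collector blocks indefinitely.
func FetchBuggy(links map[string]string, resc chan<- string, errc chan<- error) {
	next := links["next"]
	if next == "" {
		return // bug: silent return, no message for the waiting caller
	}
	resc <- next
}

// FetchFixed always reports: the missing link becomes an error on errc.
func FetchFixed(links map[string]string, resc chan<- string, errc chan<- error) {
	next := links["next"]
	if next == "" {
		errc <- ErrNoNextLink
		return
	}
	resc <- next
}

// Collect waits for the worker the way the original caller did, but with a
// deadline so a worker that never reports shows up as ErrStuck instead of a
// hang. The channels are buffered so a late sender cannot leak either.
func Collect(w Worker, links map[string]string, timeout time.Duration) (string, error) {
	resc := make(chan string, 1)
	errc := make(chan error, 1)
	go w(links, resc, errc)
	select {
	case r := <-resc:
		return r, nil
	case err := <-errc:
		return "", err
	case <-time.After(timeout):
		return "", ErrStuck
	}
}

func main() {
	noLink := map[string]string{}                                          // constructed: response without a "next" link
	withLink := map[string]string{"next": "https://acme.example.test/next"} // constructed

	_, err := Collect(FetchBuggy, noLink, 100*time.Millisecond)
	fmt.Println("buggy, no link:  ", err)
	_, err = Collect(FetchFixed, noLink, 100*time.Millisecond)
	fmt.Println("fixed, no link:  ", err)
	r, _ := Collect(FetchFixed, withLink, 100*time.Millisecond)
	fmt.Println("fixed, with link:", r)
}
```

Without the deadline in `Collect`, the first call would block for good, which is exactly the observed symptom; the fix is simply that every exit path of the worker sends something.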
* [reduce-locking] Prepare for change
* [reduce-locking] Do not lock on http request
* [reduce-locking] Move getNonce and getNonceFromResponse out of the jws struct because they do not need access to it
* [reduce-locking] Extract nonceManager
* [reduce-locking] Add test that tries to show locking on http requests problem
* Close response body in error case
* Ensure the body of both responses is closed when polling for cert
Also make a new const of maxBodySize, and cap the number of polls
to a maximum of 1000.
* More correct placement for polling limit
* Move const to the top
* add issuer certificate to CertificateResource
Also write it out to the file system when running "lego run"
Removed caching of the issuer certificate inside the acme client, since
it didn't appear to be used.
* only append issuerCert to issuedCert in case of success
Effectively a no-op since issuerCert will be nil on error, but it seems
more correct to only do it if fetching the issuer succeeds.